BTRFS and SE LinuxBTRFS and SE Linux
I’ve had problems with systems running SE Linux on BTRFS losing the XATTRs used for storing the SE Linux file labels after a power outage. Here is the link to[...]
Tag: Selinux
SE Linux in Debian/StretchSE Linux in Debian/Stretch
Debian/Stretch has been frozen. Before the freeze I got almost all the bugs in policy fixed, both bugs reported in the Debian BTS and bugs that I know about. This[...]
Running a Shell in a Daemon DomainRunning a Shell in a Daemon Domain
allow unconfined_t logrotate_t:process transition; allow logrotate_t { shell_exec_t bin_t }:file entrypoint; allow logrotate_t unconfined_t:fd use; allow logrotate_t unconfined_t:process sigchld; I recently had a problem with SE Linux policy related to[...]
SE Linux Play Machine Over TorSE Linux Play Machine Over Tor
I work on SE Linux to improve security for all computer users. I think that my work has gone reasonably well in that regard in terms of directly improving security[...]
Fixing Strange Directory Write AccessFixing Strange Directory Write Access
type=AVC msg=audit(1403622580.061:96): avc: denied { write } for pid=1331 comm="mysqld_safe" name="/" dev="dm-0" ino=256 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1403622580.061:96): arch=c000003e syscall=269 success=yes exit=0 a0=ffffffffffffff9c a1=7f5e09bfe798 a2=2 a3=2 items=0 ppid=1109 pid=1331 auid=4294967295[...]
SE Linux Things To DoSE Linux Things To Do
At the end of my talk on Monday about the status of SE Linux [1] I described some of the things that I want to do with SE Linux in[...]
My SE Linux Status Report – LCA 2013My SE Linux Status Report – LCA 2013
This morning I gave a status report on SE Linux. The talk initially didn’t go too well, I wasn’t in the right mental state for it and I moved through[...]
New SE Linux Policy for WheezyNew SE Linux Policy for Wheezy
I’ve just uploaded a new SE Linux policy for Debian/Wheezy. It now works correctly with systemd and Chromium, two significant features that I wanted for Wheezy. Now it turns out[...]
Debian SE Linux Status June 2012Debian SE Linux Status June 2012
It’s almost the Wheezy freeze time and I’ve been working frantically to get things working properly. Policy Status At the moment I’m preparing an upload of the policy which will[...]
SE Linux Status in Debian 2012-03SE Linux Status in Debian 2012-03
I have just finished updating the user-space SE Linux code in Debian/Unstable to the version released on 2012-02-16. There were some changes to the build system from upstream which combined[...]